Re: Issues with firewall filter on Juniper EX4550

I created test filter and applied it on Vlan interface:

admin@4550-1# show firewall family inet filter VLAN-int
term allow-ssh {
    from {
        source-prefix-list {
            CLI-SNMP-access;
        }
        protocol tcp;
        destination-port [ ssh telnet ];
    }
    then accept;
}
term deny-ssh {
    from {
        protocol tcp;
        destination-port [ ssh telnet ];
    }
    then {
        discard;
    }
}
term final {
    then accept;
}

{master:0}[edit]
admin@4550-1# show interfaces vlan unit 101
family inet {
    filter {
        input VLAN-int;
    }
    address 185.61.153.249/29;
}

{master:0}[edit]

SSH access is not still filtered. I can login from address that is not located in CLI-SNMP-access prefix list:

[root@2ip ~]# traceroute 185.61.153.249
traceroute to 185.61.153.249 (185.61.153.249), 128 hops max, 40 byte packets
 1  v524.ares.dc.volia.com (77.120.119.3)  0.280 ms  0.376 ms  0.217 ms
 2  88.112.120.77.colo.static.dcvolia.com (77.120.112.88)  0.730 ms  0.453 ms  0.427 ms
 3  lag5-40g.agg-1.ss13.kiev.volia.net (77.120.1.165)  0.424 ms  0.345 ms  0.313 ms
 4  be14.201.cr-2.g50.kiev.volia.net (77.120.1.81)  0.828 ms  0.772 ms  0.813 ms
 5  be3-40g.cr-1.g50.kiev.volia.net (77.120.1.41)  0.951 ms  0.890 ms  1.116 ms
 6  be4495.rcr21.kbp01.atlas.cogentco.com (149.6.191.49)  1.075 ms  1.338 ms  1.163 ms
 7  be2679.ccr21.bts01.atlas.cogentco.com (130.117.48.93)  19.181 ms
    be2680.ccr22.bts01.atlas.cogentco.com (154.54.36.233)  19.130 ms
    be2679.ccr21.bts01.atlas.cogentco.com (130.117.48.93)  20.270 ms
 8  be2988.ccr21.vie01.atlas.cogentco.com (154.54.59.86)  19.956 ms
    be2990.ccr21.vie01.atlas.cogentco.com (154.54.59.94)  19.955 ms
    be2988.ccr21.vie01.atlas.cogentco.com (154.54.59.86)  20.081 ms
 9  telia.vie01.atlas.cogentco.com (130.117.14.90)  19.820 ms  20.538 ms  19.809 ms
10  prag-bb1-link.telia.net (80.91.246.50)  25.839 ms
    prag-bb1-link.telia.net (62.115.137.10)  26.126 ms
    win-bb2-link.telia.net (62.115.112.196)  20.199 ms
11  hbg-bb4-link.telia.net (62.115.119.46)  38.345 ms
    hbg-bb1-link.telia.net (62.115.135.20)  64.709 ms
    hbg-bb4-link.telia.net (62.115.119.52)  37.726 ms
12  adm-bb3-link.telia.net (80.91.248.246)  43.535 ms
    adm-bb3-link.telia.net (62.115.134.196)  43.277 ms
    adm-bb4-link.telia.net (80.91.248.240)  43.727 ms
13  adm-b2-link.telia.net (213.155.137.187)  44.477 ms
    adm-b2-link.telia.net (62.115.141.35)  44.399 ms
    adm-b2-link.telia.net (213.155.137.183)  44.184 ms
14  incapsula-ic-309286-adm-b2.c.telia.net (213.248.103.230)  41.370 ms  41.190 ms  41.447 ms
15  185.61.153.249 (185.61.153.249)  57.678 ms  57.756 ms  57.738 ms